Saturday, August 2, 2014

Azure Automation - shutdown azure virtual machine – step by step

Why?

Managing Azure resources through the Management Portal is a cumbersome job for infrastructure teams. At one of my customers (where I am supporting an Azure project as a consultant), the developers used to start their Azure VMs in the morning and many times never stopped them when leaving the office. Of course, this used to incur a huge cost for them. The IT team therefore used to check whether the development Azure VMs were running and, if so, shut them down from the Azure portal to save the cost of running Azure VMs overnight. The number of VMs to stop was around 30 to 50. They had been doing this manually, with a combination of a PowerShell script and a few operations from the Management Portal. This simple activity consumed 25% of the IT team's bandwidth, and it was a problem for them. Thanks to Azure Automation, the IT team no longer has to shut down Azure VMs manually, and they are happy now.

What?

Azure Automation is a new service, currently in preview. It is not the only way to automate common Azure activities: PowerShell has existed for a long time, and in fact PowerShell is the basis of the Azure Automation service. You can automate the creation, deployment, monitoring, and maintenance of resources in your Microsoft Azure environment using runbooks, which ultimately use Windows PowerShell workflows.

Of course, Chef and Puppet also do the same automation job very well; however, I find them pretty complex. I know most of you may not agree; however, I feel Chef and Puppet are best for Linux- and Unix-based Azure VMs. For Windows-based Azure VMs, Azure Automation with PowerShell is your key.

In this post, I will give a step-by-step approach to shutting down your Azure virtual machine using PowerShell and Azure Automation. So let's start!

You may not have observed it, but I feel the concept of Azure Automation is very similar to what Chef does for automation. See the comparison below between Chef and Azure Automation:

Chef jargon – Recipe, Cookbook

Azure Automation jargon – Job, Runbook

Cookbook – Runbook! Of course, it is just an observation.

Runbook – A runbook is a set of PowerShell commands that is executed on the schedule set in Azure Automation. So the book has sentences (or commands) that run in the Azure Automation service. In Azure Automation, we always execute PowerShell scripts under a runbook.

If it becomes generally available, then this step will not be required.

Automation Account

Create the Automation account first, as shown in the screenshots below.

As a preview feature, it is supported only in the US region as of now.

Certificate Management

An Automation credential is either a username and password that can be used with Windows PowerShell commands, or a certificate that is uploaded to the server. We will use the certificate-based approach, so we need a certificate to authenticate against the Azure subscription. The best way is to use a self-signed certificate, created either with the makecert command or from IIS itself.

Let's see how to do it with IIS. Open the Run window and type INETMGR to open the IIS window. Select the local machine name and double-click the Server Certificates option, as shown below.

Click on Create Self-Signed Certificate, name it AzureAutomation, and store it as Personal.

Right-click the newly created certificate and click on View, as shown below.

Go to the Details tab and click on Copy to File.

Click on Next -> do not export the private key -> DER encoded binary X.509 (.CER) file -> name it AzureAutomation and provide a path of your choice to save the file as a .CER file.

Now we need to export its .pfx file. Right-click the certificate name in IIS and select the Export option. Provide an appropriate password and a path of your choice.
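A scripted equivalent of the IIS steps above, as an added example that is not part of the original post: it creates the self-signed certificate, exports the .cer and the password-protected .pfx, and checks that the .cer carries no private key. The current user's Personal store and the output folder are assumptions.

```powershell
# Added example; the store location and output folder are assumptions.
$certName = 'AzureAutomation'
$outDir   = Join-Path $env:USERPROFILE 'AzureAutomationCert'
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

# Self-signed certificate in the Personal store of the current user.
$cert = New-SelfSignedCertificate -DnsName $certName -CertStoreLocation 'Cert:\CurrentUser\My'

# Public part only (.cer): the file that goes to Management Certificates.
$cerPath = Join-Path $outDir "$certName.cer"
Export-Certificate -Cert $cert -FilePath $cerPath -Type CERT | Out-Null

# Certificate plus private key (.pfx): the file for the Automation credential asset.
# The password is prompted for, so it never appears in the script or in history.
$pfxPassword = Read-Host -AsSecureString -Prompt 'Password for the .pfx file'
$pfxPath = Join-Path $outDir "$certName.pfx"
Export-PfxCertificate -Cert $cert -FilePath $pfxPath -Password $pfxPassword | Out-Null

# Verify what was written: the .cer must be the same certificate without its key.
$cerOnDisk = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $cerPath
if ($cerOnDisk.HasPrivateKey) {
    throw "The exported .cer unexpectedly contains a private key."
}
if ($cerOnDisk.Thumbprint -ne $cert.Thumbprint) {
    throw "The exported .cer does not match the certificate in the store."
}
Write-Output "Thumbprint $($cert.Thumbprint): .cer and .pfx written to $outDir"
```

Whoever holds the .pfx and its password can authenticate to the subscription with this certificate, so delete the local .pfx once it has been uploaded as an asset.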

Upload Certificate to Azure

Now we need to upload the .CER file to the Azure Management Portal. Go to the Settings tab on the portal and upload the certificate to Management Certificates, as shown below.

Record Subscription Id

On the same window, go to the Subscriptions tab and copy the subscription id for future use.

Create Automation Credentials Asset

Assets are available to all runbooks. As the name indicates, assets can be reused over and over. We will therefore create assets that hold the connection and the credentials for authenticating with Azure. Once an asset is ready, it can be used in any future runbook.

Now I click on the Automation account that I created earlier, select the Assets tab, and click on Add Settings, as shown below.

In the above screenshot, the Azure module is the one that comes installed by default for your Azure Automation account. It is free, and you will not be charged for this default module. However, you will be charged for modules that you upload. Also, I see hardly any use for the default Azure module.

On the settings window, select the Add Credentials option, as shown below.

As we are using certificates as the authentication mechanism, select the Certificate option in the Credential Type dropdown and name the credential Azure Automation Credentials. Provide a description if you wish; it is optional.

On the next page, I uploaded the .pfx certificate that I created.

Create Automation Connection Asset

Now we will define the connection information as an asset so that it can be used again in future runbooks. On the Assets tab itself, select Add Settings as above and choose the Add Connection option.

Select Azure as the connection type, enter “Your Subscription Connection” as the name, and optionally add a description as well.

Provide the name of the certificate we created in the step above and the subscription id in which your Automation account is created, and then click to complete the configuration.

Connect-Azure is a PowerShell script, and hence we need to upload it as a runbook. Click on the Runbooks option and click on Import. Provide the path of the connect-azure.ps1 file and import it.

Select the uploaded Connect-Azure runbook, select the Draft option under the Author tab, and then publish the Connect-Azure runbook.

This published Connect-Azure runbook can now be used in any custom runbook hereafter to make the connection to the Azure subscription. I will use it in my Backup Azure Virtual Machine runbook.

Note - Up to this point, all of the above steps are common to authoring any runbook in Azure Automation.

Create Azure Virtual Machine shutdown runbook

Now I have created a PowerShell script that can shut down the Azure virtual machine after 6 PM local time if the VM is running. We will upload this Azure VM shutdown PowerShell script as a runbook, along with the common code of the Connect-Azure runbook.

Kindly download the Deallocate-AzureVM PowerShell script and follow the steps below. We will upload Deallocate-AzureVM in the same way as the Connect-Azure runbook. So, like before, select the RUNBOOKS tab, click on the Import button at the bottom, and select the Azure VM shutdown PowerShell file.

I clicked on the Test button, which is next to Publish, to see if the script was working correctly, and the output of the test was awesome. As you can see below, my VM was stopped and was successfully showing the Stopped (Deallocated) state on the Azure VM portal. After this, select Author | Draft | Publish at the bottom to publish the Azure-Deallocate PowerShell runbook.

Now we will schedule the published Azure VM shutdown script. The schedule can be daily; for the time being I am setting the job to run daily at 7 PM, so that when the developers leave their machines and the office by 6 PM, the VM will shut down automatically at 7 PM. Click on the Schedule tab and provide the values as below.

Next I need to start the Deallocate-AzureVM runbook and provide its parameters, which are the name of the VM to be shut down and the cloud service name. This is nothing but creating a job for the runbook. On the Published tab itself you will find the Start button at the bottom; click on it and a pop-up window will appear. This is where we need to specify the cloud service name and the VM name, as follows.

In the above pop-up, provide the name of the VM to be shut down and the name of the cloud service in which your Azure VM resides. Note that the names are not fully qualified names. For example, I am not entering the name as myservice.cloudapp.net.
Now if you click on the Jobs tab, you will see the jobs that have run to date. These jobs will be created automatically by the schedule; each one checks the status of the VM and, if it is found running, shuts it down.

This completes the configuration of the job for one VM. If you have more than one VM, then you will need to create that many schedules. A better way would be to have a for-each loop that retrieves all VMs within the subscription and shuts them down in one schedule. If you are looking for such a script, then contact me.
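One way to write the single-schedule, for-each runbook described above, as an added example that is not the author's Deallocate-AzureVM script: it reads the connection and certificate assets directly instead of calling Connect-Azure, then deallocates every VM in the subscription that is not already deallocated. The workflow name and the SubscriptionID field name of the connection asset are assumptions.

```powershell
# Added example; the workflow name is hypothetical.
workflow Stop-AllRunningAzureVM
{
    param(
        # Name of the connection asset ("Your Subscription Connection" in this post)
        [Parameter(Mandatory = $true)]
        [string] $AzureConnectionName
    )

    # Resolve the connection asset, then the certificate asset it names.
    $conn = Get-AutomationConnection -Name $AzureConnectionName
    if ($conn -eq $null) { throw "Connection asset '$AzureConnectionName' was not found." }

    # Copy the field to its own variable before using it in a message:
    # "$conn.AutomationCertificateName" inside a string expands only $conn.
    $certName = $conn.AutomationCertificateName
    $cert = Get-AutomationCertificate -Name $certName
    if ($cert -eq $null) { throw "Certificate asset '$certName' was not found." }

    # SubscriptionID is the assumed field name of the Azure connection type.
    Set-AzureSubscription -SubscriptionName $AzureConnectionName -SubscriptionId $conn.SubscriptionID -Certificate $cert

    InlineScript {
        Select-AzureSubscription -SubscriptionName $Using:AzureConnectionName

        # A VM shut down from inside the guest OS reports 'StoppedVM' and is still
        # billed, so everything that is not already deallocated is a target.
        $targets = Get-AzureVM | Where-Object { $_.Status -ne 'StoppedDeallocated' }

        foreach ($vm in $targets) {
            try {
                # -Force suppresses the prompt shown for the last VM in a cloud service.
                Stop-AzureVM -ServiceName $vm.ServiceName -Name $vm.Name -Force -ErrorAction Stop | Out-Null
                Write-Output "Deallocated $($vm.ServiceName)/$($vm.Name) (was $($vm.Status))"
            }
            catch {
                # Report and continue, so one failure does not leave the rest running.
                Write-Error "Failed to stop $($vm.ServiceName)/$($vm.Name): $_"
            }
        }
    }
}
```

Because it stops every VM the management certificate can see, link it only to a subscription that holds development machines, or add a name filter to the `Where-Object` clause.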

That's it, guys. I hope you now understand how Azure Automation simplifies Azure resource management and presents itself as a powerful tool for Azure DevOps.

6 comments:

I'll try to do it, but Test deallocate-azurevm shows me an error: Exception: Could not retrieve 'System.Collections.Hashtable.AutomationCertificateName' certificate asset. Check that you created this first in the Automation service. What's wrong?

Nice walkthrough. Just a note that Microsoft has recently started recommending to use Azure AD accounts rather than certificates for authentication. For those interested in an example that uses this for VM scheduled shutdown/startup, see:

To learn how such Azure VM automation can be monitored and systematized, check out two blogs below: VMs can be shutdown or scaled down on a schedule. Shut-down Azure VMs on a schedule: http://cloudmonix.com/blog/how-to-automate-schedule-shutdowns-of-azure-vms/ Scale-down Azure VMs on a schedule: http://cloudmonix.com/blog/how-to-automate-scaling-of-azure-vms/

An alternative for those who prefer a non-scripting solution is a service called VMPower (https://vmpower.io/). There is a calendar feature that makes automating shutdown, startup and resize of VMs pretty intuitive to do in <15 minutes.

Also for organizations juggling cloud subscriptions across multiple cloud providers (Azure, AWS, & GCE) , you can manage all of your VMs in one unified dashboard.

About Me

I am Kunal Chandratre. Working as Cloud Solution Architect @Microsoft. My speciality is Microsoft Azure Cloud platform.
Awarded as Most Valuable Professional (MVP) in Microsoft Azure for 3 consecutive years. Passionate speaker, trainer... In my free time (which I don't usually get) I write blogs and answer forum questions. I was doing it just for timepass but now I have got addicted to blogging... Apart from work, I do a variety of things which I can't tell here :).. I am a trekker, singer, actor, painter, F1 racer, super hero in my dreams... and now trying my luck with technologies... Keep posting...

Disclaimer:

The information shared in this blog is the result of my personal experience with various technology platforms. In no way does it represent the company I work for.
The information provided here is "AS IS" with no warranties, and confers no rights. This blog does not represent the thoughts, intentions, plans or strategies of my current employer or past employers or any other forums or community I belong to. It is fully my own opinion. Inappropriate comments will be deleted at the author's discretion. All code samples are provided "AS IS" without warranty of any kind, either express or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose. I have full rights to edit/modify/delete any content of this blog without any prior notice to public/followers/RSS readers of this blog.